Skip to main content

Dark data is wasting resources and your ESG score isn’t looking good either

·4 mins
ESG Sustainability Data Minimisation Data Retention Privacy by Design

Data protection and environmental sustainability are often seen as separate priorities, but they’re deeply connected, and the social component of ESG makes the relationship even more complex. The data we collect or generate, store, use, secure (and eventually delete) doesn’t just have an environmental impact, it also affects equity, access, and fairness.

Every email, photo, or click generates data, and storing it has a cost. Data centres require huge amounts of energy to operate. They run 24/7, consuming electricity and generating heat that demands additional cooling.

Data centres contribute approximately 2.5% to 3.7% of global greenhouse gas emissions, a figure that rivals the aviation industry. In a 2023 report from Loughborough University, it was estimated that by 2025, global data is expected to exceed 180 zettabytes. Zettabyte - that was a new term for me, and now 2025 is here, I wonder how close their estimate was (feel me to mail me if you have the latest figures).

The social angle: who pays the price?

The social implications of data protection and sustainability are less visible but just as critical. Communities near data centres often bear the brunt of their environmental impact. Water-intensive cooling systems strain local resources, and the reliance on non-renewable energy sources contributes to pollution in nearby areas.

Digital equity becomes a critical issue. Regions with lower technological infrastructure are disproportionately excluded from advancements in smart solutions. While richer organisations adopt eco-friendly practices and sophisticated measures, smaller businesses and underserved regions struggle to keep up, widening the global digital divide.

The tension between data protection and sustainability also highlights ethical questions. Are we designing systems that prioritise everyone’s well-being, or just those with the big pockets to navigate and address complex regulations and environmental challenges?

The ESG dilemma: ‘joined up thinking’ is key

Companies often silo their ESG efforts, tackling ‘E,’ ‘S,’ and ‘G’ independently. But real impact requires integrated thinking. Decisions about data protection can’t ignore their environmental costs, and sustainability strategies must address the social and ethical implications of digital transformation.

For example, ‘dark data’ (data collected but never used) contributes significantly to the environmental burden. Identifying and eliminating dark data isn’t just a sustainability move, it’s a governance action that directly supports data protection requirements. Also, offering transparent reporting on both data usage and carbon emissions builds trust with stakeholders and reinforces the ‘S’ and ‘G’ pillars.

And we can’t ignore recent political shifts, such as Donald Trump’s recent election victory. This has triggered an anti-ESG movement, resulting in some companies to down prioritise their ESG commitments. But with regulations (e.g. the EU’s Corporate Sustainability Reporting Directive (CSRD)) tightening and stakeholder expectations evolving, downscaling ESG is a short-sighted strategy. The integration of data protection and sustainability within ESG frameworks isn’t just a moral imperative, it’s becoming a business necessity.

Fortunately, there are some positive examples of companies who are demonstrating their commitment to ESG goals:

  • **Ecosia - **this eco-friendly search engine directs ad revenue to planting trees. Ecosia also runs on 100% renewable energy and doesn’t track user data, highlighting that data protection and sustainability can go hand in hand.

  • **Posteo - **a Berlin-based email provider prioritises sustainability by using genuine green energy from Green Planet Energy, efficient hardware, and recycled paper, avoiding misleading ‘certified energy’ claims.

  • **Recycled Cloud - **a Swiss-based company (part of e-Durable), combines eco-friendly cloud services through repurposed servers with strict data protection practices.

How Purpose and Means can help

We help businesses align their data protection efforts with their ESG goals using structured frameworks. Here’s one approach:

Data protection and ESG alignment framework

This approach ensures that data protection isn’t treated in isolation. It becomes an integral part of your ESG strategy, addressing environmental, social, and governance dimensions in a cohesive way.

With our framework, companies can integrate data protection into their ESG goals, creating a sustainable and socially responsible future.

Want to know more, or see example ESG-data protection matrices? Feel free to book a no obligation call.

Author
Tim Clements
Tim Clements is Business Owner of Purpose and Means, a data protection and GRC consultancy based in Copenhagen, operating globally. He helps data protection and GRC leaders simplify complexity into actionable strategies, providing tools, training, and support to engage and influence across the organisation. Tim is a Chartered Fellow of the BCS (British Computer Society).

Browse by Topic

access controls accountability accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation article 12 article 13 article 22 article 25 article 28 article 30 article 32 article 35 article 46 article 5 article 6 article 7 audit and assessment automated decision-making awareness awareness campaigns behaviour change beyond legal board level board reporting case law change management chief people officer cloud infrastructure compliance monitoring consent cookie compliance cross-border transfers customer success dark patterns data accuracy data breach notification data flows data mapping data minimisation data processing agreements data protection data protection by design data protection culture data protection day data protection hero data protection leader data quality data residency data retention data science data sovereignty data subject rights datatilsynet deceptive design direct marketing dora dpia education employee data employee engagement enterprise architecture eprivacy esg executive communication external legal counsel finance and banking gdpr gdpr at 10 generative ai governance grc healthcare horizon scanning hr and data protection hr and employment incident response information security intellectual property internal communications international transfers lawful basis leadership lego serious play machine learning marketing nis2 privacy by design privacy culture product management profiling public sector purpose limitation quantum computing records of processing regulatory guidance risk management risk reduction ropa sales security software development special category data standard contractual clauses strategic planning sub-processors supply chain sustainability system design third-party risk training design transparency trend radar ux design vendor management visual communication weak signals workshop facilitation

Related Posts